Pythem is a python framework used for performing various security tests on networks and web applications. These include scanning, web crawling, web application bruteforcing, ARP spoofing, DNS spoofing, DHCP spoofing, redirect webserver attack, network sniffing, and denial of service attacks. Moreover, Pythem is also loaded with other utilities, such as exploits, reverse engineering, pforensics (.pcap packets filtering), geo ip tracing, coding, and decoding.

Pythem Installation

Pythem is a python based tool that requires packages including essential, dev, pip, tcpdump, capstone, libnetfilter-queue-dev, libffi, and libssl. Install these packages using the following command before installing the Pythem framework.

After installaing the dependencies, Pythem can be installed using the Pip or source installation. The source installation requires cloning the framework on the Linux system using the following path.

git clone https://github.com/m4n3dw0lf/pythem

After cloning the framework, move to the Pythem folder and run the following command to complete the installation process.

cd pythem
sudo python setup.py install

Using Pythem

Pythem runs from the terminal using the sudo command.

sudo pythem

The command loads almost a blank pythem interface. From here we can load any Pythem utility by just typing the commands. To know the working of each utility/feature of Pythem, just add the help argument to the desired utlity/feature. For example, if we want to use the scanning utility of Pythem, and want to know about the syntax required to perform the scanning on the target hosts, we can run the following help command to explore this feature.

scan help

The output of above command can be seen in the following screenshot.

It shows the filters that can be used for scanning along with the syntax, illustrated with an example. The same procedure can be applied to all the Pythem utilities, such as sniff, dos, brute hash etc.

As mentioned above, Pythem is a multi-tasking framework that can perform various security tests on a network. For instance, if we desire to simulate the network sniffing attack, we can simply achieve this by setting the network interface and providing the host ip along with the desired port. For example, we want to monitor the network traffic for wlan0 interface on port 1337 with the host ip address as 192.168.1.1, we just type ‘sniff’ in the Pythem terminal.

sniff

Pythem prompts for the port number and the host IP address that can be provided in the following way.

port 1337 and host ip 192.168.1.1

The framework also gives the option of storing the sniffed packets using a .pcap. Once configured, the framework starts the sniffer to monitor the network traffic for the desired interface.

What Bunny rating does it get?

Pythem is a decent framework that can do some serious network security audit by running the tests like ARP spoofing, DNS spoofing, DNS redirect, DHCP ACK injection, SSH Brute-force, running shell codes, and string filtering on .pcap files. As a result we will be awarding this tool a rating of 4 out of 5 bunnies.